This repository was archived by the owner on Apr 12, 2024. It is now read-only.
imgSrcSanitizationWhitelist seems too broad #8274
Closed
Description
In https://github.com/angular/angular.js/blob/master/src/ng/sanitizeUri.js:
imgSrcSanitizationWhitelist = /^\s*(https?|ftp|file|blob):|data:image\//;
probably should be:
imgSrcSanitizationWhitelist = /^\s*(https?|ftp|file|blob):|^\s*data:image\//;
otherwise:
javascript:alert(1)//data:image/
passes as valid.
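
The anchoring difference between the two patterns quoted in this issue, as an added example that is not part of the original report or of the AngularJS code base: `^` binds only to the first alternative, so the `data:image/` branch can match anywhere in the string. It tests the patterns alone (not Angular's sanitizer) on constructed values; `GROUPED`, the function names and every sample except the string from the issue are assumptions made here.

```javascript
// Patterns exactly as quoted in the issue above.
const ORIGINAL = /^\s*(https?|ftp|file|blob):|data:image\//;
const PROPOSED = /^\s*(https?|ftp|file|blob):|^\s*data:image\//;
// Added for comparison (not from the issue): one anchor shared by a group.
const GROUPED = /^\s*(?:(?:https?|ftp|file|blob):|data:image\/)/;

// Constructed sample values; the fourth is the string given in the issue.
const SAMPLES = [
  'https://example.com/logo.png',
  '  data:image/png;base64,AAAA',
  'blob:https://example.com/1234',
  'javascript:alert(1)//data:image/',
  'custom-scheme:payload?ref=data:image/png',
  'mailto:user@example.com',
];

// Offset at which `re` first matches `uri`, or -1. A non-zero offset means
// the match started mid-string, i.e. the matching branch is unanchored.
function matchOffset(re, uri) {
  const m = re.exec(uri);
  return m === null ? -1 : m.index;
}

// One row per URI: accepted or not under each pattern, plus the offset of
// the ORIGINAL match so mid-string hits are visible.
function audit(uris) {
  return uris.map((uri) => ({
    uri,
    original: ORIGINAL.test(uri),
    proposed: PROPOSED.test(uri),
    grouped: GROUPED.test(uri),
    originalOffset: matchOffset(ORIGINAL, uri),
  }));
}

// URIs that only the original pattern accepts.
function acceptedOnlyByOriginal(uris) {
  return audit(uris)
    .filter((r) => r.original && !r.proposed)
    .map((r) => r.uri);
}

console.table(audit(SAMPLES));
console.log('Accepted only by the original pattern:', acceptedOnlyByOriginal(SAMPLES));
```

A list like `SAMPLES` can be kept as a regression test so that any later change to the pattern is checked against both the legitimate and the rejected values.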